SIM maker Gemalto says no evidence of mass encryption theft

A man is silhouetted near logos of the U.S. National Security Agency (NSA) and Wikipedia in this photo illustration taken in Sarajevo March 11, 2015. REUTERS/Dado Ruvic/File Photo

An undated aerial handout photo shows the National Security Agency (NSA) headquarters building in Fort Meade, Maryland. NSA/Handout via REUTERS THIS IMAGE HAS BEEN SUPPLIED BY A THIRD PARTY. IT IS DISTRIBUTED, EXACTLY AS RECEIVED BY REUTERS, AS A SERVICE TO CLIENTS. FOR EDITORIAL USE ONLY. NOT FOR SALE FOR MARKETING OR ADVERTISING CAMPAIGNS

U.S. President Barack Obama speaks following a meeting with his National Security Council at CIA Headquarters in Langley, Virginia April 13, 2016. REUTERS/Kevin Lamarque

WASHINGTON, DC - APRIL 02: Detail of the cufflinks of former Deputy CIA Director Michael Morell as he testifies before the House Select Intelligence Committee April 2, 2014 in Washington, DC. The committee heard testimony on the topic of 'The Benghazi Talking Points and Michael J. Morell's Role in Shaping the Administration's Narrative.' (Photo by Win McNamee/Getty Images)

WASHINGTON, DC - APRIL 02: Former Deputy CIA Director Michael Morell is sworn in prior to testimony before the House Select Intelligence Committee April 2, 2014 in Washington, DC. The committee heard testimony on the topic of 'The Benghazi Talking Points and Michael J. Morell's Role in Shaping the Administration's Narrative.' (Photo by Win McNamee/Getty Images)

A picture taken on February 25, 2015 shows the logo of Gemalto in Paris. European SIM maker Gemalto said it had suffered hacking attacks that may have been conducted by US and British intelligence agencies but denied any 'massive theft' of encryption keys that could be used to spy on conversations. AFP PHOTO KENZO TRIBOUILLARD (Photo credit should read KENZO TRIBOUILLARD/AFP/Getty Images)

Visitors gather in the Gemalto NV pavilion at the Mobile World Congress in Barcelona, Spain, on Wednesday, Feb. 27, 2013. The Mobile World Congress, where 1,500 exhibitors converge to discuss the future of wireless communication, is a global showcase for the mobile technology industry and runs from Feb. 25 through Feb. 28. Photographer: Simon Dawson/Bloomberg via Getty Images

Gemalto CEO Olivier Piou (C) arrives for a press conference on February 25, 2015 in Paris. European SIM maker Gemalto said it had suffered hacking attacks that may have been conducted by US and British intelligence agencies but denied any 'massive theft' of encryption keys that could be used to spy on conversations. AFP PHOTO KENZO TRIBOUILLARD (Photo credit should read KENZO TRIBOUILLARD/AFP/Getty Images)

Gemalto CEO Olivier Piou (C) gives a press conference on February 25, 2015 in Paris. European SIM maker Gemalto said it had suffered hacking attacks that may have been conducted by US and British intelligence agencies but denied any 'massive theft' of encryption keys that could be used to spy on conversations. AFP PHOTO KENZO TRIBOUILLARD (Photo credit should read KENZO TRIBOUILLARD/AFP/Getty Images)

Gemalto CEO Olivier Piou shows a cell phone sim card before a press conference on February 25, 2015 in Paris. European SIM maker Gemalto said it had suffered hacking attacks that may have been conducted by US and British intelligence agencies but denied any 'massive theft' of encryption keys that could be used to spy on conversations. AFP PHOTO KENZO TRIBOUILLARD (Photo credit should read KENZO TRIBOUILLARD/AFP/Getty Images)

BERLIN, GERMANY - JANUARY 29: Symbolic photo for data protection, reflection of the seal of the National Security Agency in a computer hard drive on January 29, 2015 in Berlin, Germany. (Photo by Thomas Trutschel/Photothek via Getty Images)

Michael Rogers, director of the U.S. National Security Agency (NSA), speaks during an interview in New York, U.S., on Thursday, Jan. 8, 2015. The hacking attack on Sony Pictures Entertainment is prompting U.S. officials to rethink when the government should help private companies defend against and deter digital assaults, Rogers said. Photographer: Victor J. Blue/Bloomberg via Getty Images

Visitors chat near a reception desk at the Gemalto NV promotional stand on the opening day of the Mobile World Congress in Barcelona, Spain, on Monday, Feb. 27, 2012. The Mobile World Congress, operated by the GSMA, expects 60,000 visitors and 1400 companies to attend the four-day technology industry event which runs Feb. 27 through March 1. Photographer: Chris Ratcliffe/Bloomberg via Getty Images

An employee displays a Gemalto NV M2M quad sim card at the Mobile World Congress in Barcelona, Spain, on Wednesday, Feb. 27, 2013. The Mobile World Congress, where 1,500 exhibitors converge to discuss the future of wireless communication, is a global showcase for the mobile technology industry and runs from Feb. 25 through Feb. 28. Photographer: Simon Dawson/Bloomberg via Getty Images

GERMANY, BONN - DECEMBER 12:Â Symbol photo of a computer hard drive with the logo of the National Security Agency (NSA), on December 12, 2014 in Bonn, Germany. (Photo by Ulrich Baumgarten via Getty Images)

WASHINGTON, DC - NOVEMBER 20: Adm. Michael Rogers, commander of the U.S. Cyber Command and director of the National Security Agency, testifies during a hearing before the House (Select) Intelligence Committee November 20, 2014 on Capitol Hill in Washington, DC. The committee held a hearing on 'Cybersecurity Threats: The Way Forward.' (Photo by Alex Wong/Getty Images)

Just days after news broke of state intelligence agencies allegedly stealing millions of its SIM card encryption keys, Gemalto says an internal audit has found no such evidence.

Gemalto said it suspects the National Security Agency and its British counterpart, the Government Communications Headquarters, hacked its systems as far back as 2010 but only "breached its office networks." The company says there was no large-scale theft of SIM encryption keys.

The company is one of the world's largest producers of SIM cards. Each year it sends 2 billion chips to telecom providers all over the world, including the big stateside carriers.

The little cards can store data, like messages or apps. They're used for mobile payments in some areas and, critically, each one carries an encryption key known as a "Ki," which is physically burned into the structure of the chip and used for communicating with telecom networks.

A report in The Intercept cited documents from Edward Snowden's archive of leaks. It alleged the NSA and GCHQ had extracted millions of these Kis back in 2010.

But Gemalto says by then, it "had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft."

"In other words," writes a skeptical GigaOM, "Gemalto does it right (most of the time) while other suppliers may not have been so cautious."

Journalists, security experts and Twitter watchers alike aren't convinced it's quite that open-and-shut. For one thing, six days is a fast audit, especially when the NSA is a suspect.

As one security researcher asked Forbes: "Do they seriously believe they can conduct an investigation uncovering the truth in less than a week? This is a rush job to placate shareholders. Hopefully, they will keep investigating."

But Gemalto says it doesn't plan to issue further updates on the matter "unless a significant development occurs.​"